US20090106514A1 - Method for protecting data and method for managing access authority - Google Patents
Method for protecting data and method for managing access authority Download PDFInfo
- Publication number
- US20090106514A1 US20090106514A1 US12/198,120 US19812008A US2009106514A1 US 20090106514 A1 US20090106514 A1 US 20090106514A1 US 19812008 A US19812008 A US 19812008A US 2009106514 A1 US2009106514 A1 US 2009106514A1
- Authority
- US
- United States
- Prior art keywords
- storage device
- data
- computer system
- predetermined segment
- external storage
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
- 238000000034 method Methods 0.000 title claims abstract description 90
- 238000010586 diagram Methods 0.000 description 3
- 238000005516 engineering process Methods 0.000 description 2
- 230000006870 function Effects 0.000 description 2
- 238000007689 inspection Methods 0.000 description 2
- 238000012986 modification Methods 0.000 description 2
- 230000004048 modification Effects 0.000 description 2
- 238000013500 data storage Methods 0.000 description 1
- 238000005192 partition Methods 0.000 description 1
- 230000003068 static effect Effects 0.000 description 1
- 230000001360 synchronised effect Effects 0.000 description 1
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
- G06F21/575—Secure boot
Definitions
- the present invention generally relates to a method for protecting data, and more particularly, to method for protecting data and a method for managing an access authority for a storage device containing the data.
- Such a storage device typically has a controller adapted for locking and unlocking the storage device according to instructions issued by a basic input output system (BIOS) thereof.
- BIOS basic input output system
- the password for data protected by and stored in the storage device supporting password protection function is stored in a circuit board of the storage device.
- the present invention is directed to provide a method for protecting data, adapted for providing protection for data stored in a storage device equipped to a computer system, when the computer system executes a power-off procedure.
- the present invention is further directed to provide method for protecting data, adapted for providing protection for data stored in a storage device equipped to a computer system, when an operation system of the computer system is in a sleeping status, power saving status, or user logging out status.
- the present invention is further directed to provide a method for managing an access authority of a storage device.
- the method is adapted for providing protection for data stored in the storage device which is equipped to a computer system, when the computer system executes a power-off procedure or an operation system of the computer system is in a sleeping status, power saving status, or user logging out status.
- the present invention provides a method for protecting data, adapted for a computer system.
- the computer system includes a storage device.
- the method includes: when the computer system executes a power-off procedure, inspecting whether a preset external storage device is connected to the computer system; if it is determined that the preset external storage device is connected to the computer system, when the computer system executes the power-off procedure, backing up data of a predetermined segment of the storage device to the preset external storage device, and generating a back-up data, and then writing a specific data template to the predetermined segment for covering original data of the predetermined segment.
- the present invention provides a method for protecting data, adapted for a computer system, the computer system including a storage device.
- the method includes steps of: when the computer system is operated in an unusual operation status, inspecting whether a preset external storage device is connected to the computer system; if it is determined that the preset external storage device is connected to the computer system, while the computer system is operated in a usual operation status, backing up data of a predetermined segment of the storage device to the preset external storage device, and generating a back-up data, and then writing a specific data template to the predetermined segment for covering original data of the predetermined segment.
- the present invention further provides a method for managing an access authority for a storage device, adapted for managing a computer system including a plurality of storage devices.
- the method includes steps of: when the computer system is either being executed with a power-off procedure, or being operated in an unusual operation status, inspecting whether a preset external storage device is connected to the computer system; if it is determined that the preset external storage device is connected to the computer system, while the computer system is either being executed with the power-off procedure, or being operated in the unusual operation status, backing up data of a predetermined segment of at least one storage device selected from the storage devices to the preset external storage device, and generating a back-up data, and then writing a specific data template to the predetermined segment for covering original data of the predetermined segment, so that the data stored in the selected storage device cannot be accessed without being authorized.
- the present invention employs a preset external storage device for backing up data of a predetermined segment of a storage device, and further employs a specific data template for covering original data of the foregoing predetermined segment, so as to provide protection to the data stored in the storage device.
- a preset external storage device for backing up data of a predetermined segment of a storage device
- a specific data template for covering original data of the foregoing predetermined segment, so as to provide protection to the data stored in the storage device.
- the data stored in the predetermined segment is still the specific data template, so that the computer system is incapable of normally accessing the data stored in the predetermined segment of the storage device.
- the present invention is adapted for effectively protecting data stored in the storage device.
- FIG. 1 is a block diagram illustrating a system structure of a computer system according to an embodiment of the present invention.
- FIGS. 2A and 2B illustrate a flow chart illustrating a method for protecting data according to an embodiment of the present invention.
- FIGS. 3A and 3B show a flow chart illustrating a method for protecting data according to another embodiment of the present invention.
- FIGS. 4A and 4B show a flow chart illustrating a method for managing an access authority for a storage device according to another embodiment of the present invention.
- FIG. 5 is a block diagram illustrating a partial structure of another computer system according to an embodiment of the present invention.
- FIG. 1 is a block diagram illustrating a system structure of a computer system according to an embodiment of the present invention.
- the computer system 100 includes a central processing unit (CPU) 110 , a chipset 120 , a memory 130 , a storage device 140 , and a basic input output system (BIOS) unit 150 .
- the CPU 110 is coupled to the chipset 120 .
- the chipset 120 includes a north bridge chip and a south bridge chip.
- the CPU 110 is coupled to the memory 130 , the storage device 140 , and the BIOS unit 150 , via the chipset 120 .
- the memory 130 can be a dynamic random access memory (DRAM), a static random access memory (SRAM), a synchronous dynamic random access memory (SDRAM), or a double data random access memory (DDRAM).
- the storage device 140 for example is a hard drive, while in other embodiment of the present invention the storage device 140 can also be a flash memory.
- the BIOS unit 150 for example can be a flash memory or a read only memory (ROM) containing BIOS codes therein.
- the computer system 100 may be further connected with a preset external storage device 170 via a connecting interface 160 .
- the connecting interface 160 can be a universal serial bus (USB) interface, an IEEE 1394 interface, a serial advanced technology attachment (SATA) interface, or an integrated drive electronics (IDE) interface.
- the preset external storage device 170 can be a non-volatile storage device having a corresponding connecting interface, for example a USB drive.
- the computer system 100 of the embodiment is adapted for providing protection for data stored in the storage device 140 .
- the procedure of protecting data stored in the storage device 140 is going to be discussed in details below while further referring to a flow chart.
- FIGS. 2A and 2B illustrate a flow chart illustrating a method for protecting data according to an embodiment of the present invention.
- the method for protecting data is adapted for the computer system 100 of FIG. 1 .
- the method for protecting data can be complied with the BISO program stored in the BIOS unit 150 of the computer system 100 .
- the computer system 100 starts from steps S 202 , entering a power off procedure.
- the BIOS setting menu indicates a setting menu which can be entered by pressing a predetermined key (e.g., F8 key), when the computer system 100 is turned on and before entering the operation system.
- a predetermined key e.g., F8 key
- the CPU 110 of the computer system 100 executes the codes stored in the BISO unit 150 , for checking whether or not the preset external storage device 170 is connected with the computer system (step S 203 ).
- the computer system 100 may inspect whether the preset external storage device 170 is connected with the computer system or not by inspecting a status of a preset flag.
- the preset flag for example can be set in a register of the CPU 110 or in the memory 130 (not shown).
- step S 203 when the status of the preset flag is 1, that indicates that the preset external storage device 170 is connected to the computer system 100 (a result “YES” of step S 203 ).
- the computer system 100 backs up data of a predetermined segment of the storage device 140 to the preset external storage device 170 , thus generating a corresponding back-up data.
- the storage device 140 for example is a hard drive. Therefore, the foregoing predetermined segment of data can be a data of a master boot recorder (MBR SECTOR).
- step S 206 the computer system 100 directly completes the boot procedure.
- the BIOS codes executed by the computer system 100 control corresponding components of the computer system 100 (e.g., the CPU 110 and the chipset 120 ) to write a specific data template to the predetermined segment of the storage device 140 , and overwrite original data originally stored in the predetermined segment, for protecting data.
- the specific data template for example can be a specific word series, or an encoded word series which can be self-inspected.
- step S 205 the computer system 100 continuously executes the rest steps of the power-off procedure, until the computer is powered off (step S 206 ).
- the storage device 140 is a hard drive.
- data in a MBR SECTOR of a hard drive includes starting position and ending position of each partition sector of the hard drive. If the data in the MBR SECTOR of the hard drive is destroyed, the data stored in the hard drive cannot be accessed.
- the preset storage device 170 for example is a USB drive. As such, by complying with the method for protecting data according to the present invention, a user can take off the preset external storage device 170 to carry with him, so as to prohibit unauthorized individuals from accessing data stored in the storage device.
- step S 222 when a user restarts the computer system 100 , at step S 222 , the computer system 100 enters a boot procedure.
- the codes of the BIOS unit will be executed for checking whether or not the data in the predetermined segment of the storage device 140 is the specific template (step S 223 ).
- step S 227 If the codes of the BIOS unit 150 inspect that the data in the predetermined segment of the storage device 140 is not the specific data template (a result “NO” of step S 223 ), the computer system 100 normally executes the boot procedure for booting (step S 227 ).
- step S 224 the codes of the BIOS unit 150 check whether or not the preset external storage device 170 is connected to the computer system 100 .
- step S 224 the computer system 100 executes step S 228 , to terminate the power-on procedure. That means the computer system 100 cannot boot with the original data of the MBR sector of the storage device 140 in this case.
- step S 225 if the codes of the BIOS unit 150 inspect that the preset external storage device 170 is connected to the computer system 100 (a result “YES” of step S 224 ), the computer system 100 executes step S 225 .
- the BIOS codes executed by the computer system 100 control corresponding components (e.g., the CPU 110 and the chipset 120 ) to check whether or not the back-up data of the MBR sector of the storage device 140 is stored in the preset storage device 170 .
- step S 228 If the preset external storage device 170 does not contain the back-up data (a result “NO” of step S 225 ), the computer system executes step S 228 .
- step S 225 If the preset external storage device 170 contains the back-up data (a result “YES” of step S 225 ), the computer system further executes step S 226 .
- step S 226 the computer system 100 writes the back-up data stored in the preset external storage device 170 back to the predetermined segments of the storage device 140 via the connecting interface 160 and the chipset 120 , for recovering the original data of the predetermined segment, so as to allow the storage device to be normally accessed as usual. Then, the computer system 100 continues to execute the boot procedure booting (step S 227 ).
- the foregoing embodiment exemplifies the protection provided to the data stored in the storage device 140 when the computer system 100 executes the boot procedure.
- the scope of the present invention is not restricted by the foregoing embodiment.
- Another embodiment is to be illustrated below for further exemplifying the spirit of the present invention.
- FIGS. 3A and 3B show a flow chart illustrating a method for protecting data according to another embodiment of the present invention.
- the current embodiment provides a method for protecting data can be realized with an application program.
- the operation system of the computer system 100 enters step S 302 .
- an application program installed in the computer system 100 executes step S 303 , to check whether or not the preset external storage device 170 is connected to the computer system 100 .
- the unusual operation status can be a sleeping status, a power saving status, or a user logging out status.
- the application program determines whether the preset external storage device 170 is connected to the computer device or not by inspecting a status of a preset flag.
- step S 306 the computer system 100 continues to execute the corresponding operation under the unusual operation status. In such a way, the current embodiment provides protection to data stored in the storage device 140 .
- FIG. 3B being different from the embodiment of FIG. 2B , the current embodiment provides a method for protecting data can be realized with an application program.
- FIG. 3B and FIG. 2B are different in that: the method for protecting data of FIG. 2B is executed when the computer system 100 executes a boot procedure, while the method for protecting data of FIG. 3B is executed when restarting the operation system of the computer system 100 .
- steps S 223 , S 224 , S 225 are inspection operations executed by the computer system 100 with the codes of the BIOS unit 150
- steps S 232 , S 324 , S 325 are inspection operations executed by the computer system 100 when executing other application programs.
- the method of FIG. 3B is similar to FIG. 2B , and thus can be learnt by referring to the discussion of the FIG. 2B , and therefore is not to be iterated hereby.
- step S 323 because the application program installed in the computer system 100 checks that the data of the MBR sector of the storage device 140 has been overwritten by the specific data template, when executing steps S 324 and S 325 , the results obtained are all “NO”, and therefore, the method is directly directed to step S 328 , in which it is determined that the operation system of the computer system 100 is incapable of recovering the usual operation status by the original data of the storage device 140 .
- the present invention provides a method for protecting data. Further, when applying the foregoing embodiments, a method for managing an access authority for a storage device can be obtained as shown in FIGS. 4A and 4B . The flow of the method for managing an access authority can be learnt by referring to the embodiments of FIGS. 2A , 2 B, and 3 A, 3 B, and thus are to be iterated hereby. Further, the method for managing an access authority is further adapted for managing a computer system 500 including a plurality of storage devices, as shown in FIG. 5 . Referring to FIGS.
- the computer system 500 provided in the current embodiment includes a plurality of storage devices 510 _ 1 , 510 _ 2 , . . . , 510 — n , all of which being connected to a chipset 520 .
- a user A enables the foregoing method for protecting data when using the computer system 500 , in which the user A enables the storage device 510 _ 1 to operate the computer system 500 .
- the user B may have previously connected another preset external storage device NO. 2 to the computer system 500 , and then tries to use the storage device 500 _ 1 to power on the computer system 500 , or recover the computer system 500 to a usual operation status.
- the computer system will find that the preset external storage device NO. 2 is connected to the computer system 500 , such the original data of the predetermined segment of the storage device 510 _ 1 is not stored in a preset external storage device NO. 2 , and therefore, the computer system 500 is still incapable of completing the boot procedure or recovering the operation system to the usual operation status by the original data of the predetermined segment of the storage device 510 _ 1 .
- the storage devices 510 _ 2 through 510 — n are not provided with data protection, and therefore the user B can select data stored in one of the storage devices 510 _ 2 through 510 — n for powering on the computer system 500 , or recovering the operation system of the computer system 500 to the usual operation status.
- the user B can normally operate the computer system 500 , because the data stored in the storage device 510 _ 1 is being protected, the user B is still incapable of access the storage device 510 _ 1 .
- the computer system 500 can also back up data of a predetermined segment of the storage device 510 _ 2 to the preset external storage device NO. 2 . After backing up the data, a specific data template is written into the predetermined segment of the storage device 510 _ 2 , for protecting the data stored in the storage device 510 _ 2 .
- the preset external storage device NO. 1 in which the preset external storage device NO. 1 contains data of the predetermined segment of the storage device 510 _ 1 .
- the user A can use the hard drive 510 _ 1 for data access, and can also use the storage devices 510 _ 3 through 510 — n .
- the user A is not authorized to access the storage device 510 _ 2 .
- those protected storage device cannot be accessed by unauthorized users, for providing better data protection.
- the present invention employs a preset external storage device for backing up data of a predetermined segment of a storage device, and further employs a specific data template for covering original data of the foregoing predetermined segment, so as to provide protection to the data stored in the storage device.
- the data stored in the predetermined segment is still the specific data template, so that the computer system is incapable of normally accessing the data stored in the predetermined segment of the storage device.
- the present invention is adapted for effectively protecting data stored in the storage device.
Landscapes
- Engineering & Computer Science (AREA)
- Computer Hardware Design (AREA)
- General Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Software Systems (AREA)
- Theoretical Computer Science (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Storage Device Security (AREA)
- Retry When Errors Occur (AREA)
Abstract
Description
- This application claims the priority benefit of Taiwan application serial no. 96139326, filed on Oct. 19, 2007. The entirety of the above-mentioned patent application is hereby incorporated by reference herein and made a part of this specification.
- 1. Field of the Invention
- The present invention generally relates to a method for protecting data, and more particularly, to method for protecting data and a method for managing an access authority for a storage device containing the data.
- 2. Description of Related Art
- Science and technology are being fast developed, and computer systems have also become important tools for people's daily life. Correspondingly, many storage devices have been developed for storing data for the computer systems. Typically, a user often store important data, such as personal information, meeting reports, and company confidential documents, in a storage device. However, when such a storage device is unfortunately lost, the important data contained therein may probably be leaked out.
- For the purpose of avoiding information leakage caused by the foregoing situation, there are storage devices having password protection function developed and being selling in the market. Such a storage device typically has a controller adapted for locking and unlocking the storage device according to instructions issued by a basic input output system (BIOS) thereof. Although, it is conventional to use a password to protect the data contained in a computer system, such kind of protection is not as safe as desired. Typically, the password for data protected by and stored in the storage device supporting password protection function is stored in a circuit board of the storage device. Therefore, in some cases, one may access the data stored in the storage device by disassemble the storage device from the computer system, and then replacing the circuit board having the password stored therein of the storage device with a same type circuit board, and then reinstalling the storage device back to the computer system.
- As such, it is desired to provide better protection for the data stored in data storage devices.
- Accordingly, the present invention is directed to provide a method for protecting data, adapted for providing protection for data stored in a storage device equipped to a computer system, when the computer system executes a power-off procedure.
- The present invention is further directed to provide method for protecting data, adapted for providing protection for data stored in a storage device equipped to a computer system, when an operation system of the computer system is in a sleeping status, power saving status, or user logging out status.
- The present invention is further directed to provide a method for managing an access authority of a storage device. The method is adapted for providing protection for data stored in the storage device which is equipped to a computer system, when the computer system executes a power-off procedure or an operation system of the computer system is in a sleeping status, power saving status, or user logging out status.
- The present invention provides a method for protecting data, adapted for a computer system. The computer system includes a storage device. The method includes: when the computer system executes a power-off procedure, inspecting whether a preset external storage device is connected to the computer system; if it is determined that the preset external storage device is connected to the computer system, when the computer system executes the power-off procedure, backing up data of a predetermined segment of the storage device to the preset external storage device, and generating a back-up data, and then writing a specific data template to the predetermined segment for covering original data of the predetermined segment.
- Viewing from another point, the present invention provides a method for protecting data, adapted for a computer system, the computer system including a storage device. The method includes steps of: when the computer system is operated in an unusual operation status, inspecting whether a preset external storage device is connected to the computer system; if it is determined that the preset external storage device is connected to the computer system, while the computer system is operated in a usual operation status, backing up data of a predetermined segment of the storage device to the preset external storage device, and generating a back-up data, and then writing a specific data template to the predetermined segment for covering original data of the predetermined segment.
- Viewing from another point, the present invention further provides a method for managing an access authority for a storage device, adapted for managing a computer system including a plurality of storage devices. The method includes steps of: when the computer system is either being executed with a power-off procedure, or being operated in an unusual operation status, inspecting whether a preset external storage device is connected to the computer system; if it is determined that the preset external storage device is connected to the computer system, while the computer system is either being executed with the power-off procedure, or being operated in the unusual operation status, backing up data of a predetermined segment of at least one storage device selected from the storage devices to the preset external storage device, and generating a back-up data, and then writing a specific data template to the predetermined segment for covering original data of the predetermined segment, so that the data stored in the selected storage device cannot be accessed without being authorized.
- The present invention employs a preset external storage device for backing up data of a predetermined segment of a storage device, and further employs a specific data template for covering original data of the foregoing predetermined segment, so as to provide protection to the data stored in the storage device. Before recovering data of the predetermined segment back to the original data, the data stored in the predetermined segment is still the specific data template, so that the computer system is incapable of normally accessing the data stored in the predetermined segment of the storage device. As such, the present invention is adapted for effectively protecting data stored in the storage device.
- The accompanying drawings are included to provide a further understanding of the invention, and are incorporated in and constitute a part of this specification. The drawings illustrate embodiments of the invention and, together with the description, serve to explain the principles of the invention.
-
FIG. 1 is a block diagram illustrating a system structure of a computer system according to an embodiment of the present invention. -
FIGS. 2A and 2B illustrate a flow chart illustrating a method for protecting data according to an embodiment of the present invention. -
FIGS. 3A and 3B show a flow chart illustrating a method for protecting data according to another embodiment of the present invention. -
FIGS. 4A and 4B show a flow chart illustrating a method for managing an access authority for a storage device according to another embodiment of the present invention. -
FIG. 5 is a block diagram illustrating a partial structure of another computer system according to an embodiment of the present invention. - Reference will now be made in detail to the present preferred embodiments of the invention, examples of which are illustrated in the accompanying drawings. Wherever possible, the same reference counting numbers are used in the drawings and the description to refer to the same or like parts.
-
FIG. 1 is a block diagram illustrating a system structure of a computer system according to an embodiment of the present invention. Referring toFIG. 1 , it shows acomputer system 100. Thecomputer system 100 includes a central processing unit (CPU) 110, achipset 120, amemory 130, astorage device 140, and a basic input output system (BIOS)unit 150. TheCPU 110 is coupled to thechipset 120. Generally, thechipset 120 includes a north bridge chip and a south bridge chip. TheCPU 110 is coupled to thememory 130, thestorage device 140, and theBIOS unit 150, via thechipset 120. - In the current embodiment, the
memory 130 can be a dynamic random access memory (DRAM), a static random access memory (SRAM), a synchronous dynamic random access memory (SDRAM), or a double data random access memory (DDRAM). Further, thestorage device 140 for example is a hard drive, while in other embodiment of the present invention thestorage device 140 can also be a flash memory. TheBIOS unit 150 for example can be a flash memory or a read only memory (ROM) containing BIOS codes therein. - Further, in addition to the built-in
storage device 140, thecomputer system 100 may be further connected with a presetexternal storage device 170 via aconnecting interface 160. The connectinginterface 160 can be a universal serial bus (USB) interface, an IEEE 1394 interface, a serial advanced technology attachment (SATA) interface, or an integrated drive electronics (IDE) interface. The presetexternal storage device 170 can be a non-volatile storage device having a corresponding connecting interface, for example a USB drive. - Further, the
computer system 100 of the embodiment is adapted for providing protection for data stored in thestorage device 140. The procedure of protecting data stored in thestorage device 140 is going to be discussed in details below while further referring to a flow chart. -
FIGS. 2A and 2B illustrate a flow chart illustrating a method for protecting data according to an embodiment of the present invention. The method for protecting data is adapted for thecomputer system 100 ofFIG. 1 . Referring toFIGS. 1 and 2A , the method for protecting data can be complied with the BISO program stored in theBIOS unit 150 of thecomputer system 100. When a user enables the method for protecting data in a BIOS setting menu, thecomputer system 100 starts from steps S202, entering a power off procedure. The BIOS setting menu indicates a setting menu which can be entered by pressing a predetermined key (e.g., F8 key), when thecomputer system 100 is turned on and before entering the operation system. - When the
computer system 100 enters the boot procedure, theCPU 110 of thecomputer system 100 executes the codes stored in theBISO unit 150, for checking whether or not the presetexternal storage device 170 is connected with the computer system (step S203). In some embodiments, thecomputer system 100 may inspect whether the presetexternal storage device 170 is connected with the computer system or not by inspecting a status of a preset flag. The preset flag for example can be set in a register of theCPU 110 or in the memory 130 (not shown). - For example, when the status of the preset flag is 1, that indicates that the preset
external storage device 170 is connected to the computer system 100 (a result “YES” of step S203). - At step S204, the
computer system 100 backs up data of a predetermined segment of thestorage device 140 to the presetexternal storage device 170, thus generating a corresponding back-up data. In the current embodiment, thestorage device 140 for example is a hard drive. Therefore, the foregoing predetermined segment of data can be a data of a master boot recorder (MBR SECTOR). - Further when the status of the preset flag is 0, that indicates that the preset
external storage device 170 is not connected to the computer system 100 (a result “NO” of step S203), then thecomputer system 100 directly completes the boot procedure (step S206). - Further, at step S205, the BIOS codes executed by the
computer system 100 control corresponding components of the computer system 100 (e.g., theCPU 110 and the chipset 120) to write a specific data template to the predetermined segment of thestorage device 140, and overwrite original data originally stored in the predetermined segment, for protecting data. In the current embodiment, the specific data template for example can be a specific word series, or an encoded word series which can be self-inspected. - After executing step S205, the
computer system 100 continuously executes the rest steps of the power-off procedure, until the computer is powered off (step S206). - In the current embodiment, the
storage device 140 is a hard drive. Generally, data in a MBR SECTOR of a hard drive includes starting position and ending position of each partition sector of the hard drive. If the data in the MBR SECTOR of the hard drive is destroyed, the data stored in the hard drive cannot be accessed. Further, in the current embodiment, thepreset storage device 170 for example is a USB drive. As such, by complying with the method for protecting data according to the present invention, a user can take off the presetexternal storage device 170 to carry with him, so as to prohibit unauthorized individuals from accessing data stored in the storage device. - Then, when the user want to use the
computer system 100 again, he is allowed to complete the boot procedure assisted by the presetexternal storage device 170 containing the original data of the predetermined segment of thestorage device 140. Details may be learnt by referring to the illustration below. - Referring to
FIGS. 1 and 2B together, when a user restarts thecomputer system 100, at step S222, thecomputer system 100 enters a boot procedure. During the boot procedure, the codes of the BIOS unit will be executed for checking whether or not the data in the predetermined segment of thestorage device 140 is the specific template (step S223). - If the codes of the
BIOS unit 150 inspect that the data in the predetermined segment of thestorage device 140 is not the specific data template (a result “NO” of step S223), thecomputer system 100 normally executes the boot procedure for booting (step S227). - Or otherwise, if the codes of the
BIOS unit 150 check that the data in the predetermined segment of thestorage device 140 is the specific template (a result “YES” of step S223), thecomputer system 100 executes step S224. At step S224, the codes of theBIOS unit 150 check whether or not the presetexternal storage device 170 is connected to thecomputer system 100. - Because the data of the MBR sector of the
storage device 140 has been overwritten by the specific data template, if the codes of theBIOS unit 150 inspect that the presetexternal storage device 170 is not connected to the computer system 100 (a result “NO” of step S224), thecomputer system 100 executes step S228, to terminate the power-on procedure. That means thecomputer system 100 cannot boot with the original data of the MBR sector of thestorage device 140 in this case. - In other words, if the codes of the
BIOS unit 150 inspect that the presetexternal storage device 170 is connected to the computer system 100 (a result “YES” of step S224), thecomputer system 100 executes step S225. - At step S225, the BIOS codes executed by the
computer system 100 control corresponding components (e.g., theCPU 110 and the chipset 120) to check whether or not the back-up data of the MBR sector of thestorage device 140 is stored in thepreset storage device 170. - If the preset
external storage device 170 does not contain the back-up data (a result “NO” of step S225), the computer system executes step S228. - If the preset
external storage device 170 contains the back-up data (a result “YES” of step S225), the computer system further executes step S226. - At step S226, the
computer system 100 writes the back-up data stored in the presetexternal storage device 170 back to the predetermined segments of thestorage device 140 via the connectinginterface 160 and thechipset 120, for recovering the original data of the predetermined segment, so as to allow the storage device to be normally accessed as usual. Then, thecomputer system 100 continues to execute the boot procedure booting (step S227). - The foregoing embodiment exemplifies the protection provided to the data stored in the
storage device 140 when thecomputer system 100 executes the boot procedure. However, the scope of the present invention is not restricted by the foregoing embodiment. Another embodiment is to be illustrated below for further exemplifying the spirit of the present invention. -
FIGS. 3A and 3B show a flow chart illustrating a method for protecting data according to another embodiment of the present invention. Referring toFIGS. 1 and 3A , being different from the foregoing, the current embodiment provides a method for protecting data can be realized with an application program. When a user enables the method for protecting data from an operation system of the computer system, the operation system of thecomputer system 100 enters step S302. At step S302, when the computer system enters an unusual operation status, an application program installed in thecomputer system 100 executes step S303, to check whether or not the presetexternal storage device 170 is connected to thecomputer system 100. - In the current embodiment, the unusual operation status can be a sleeping status, a power saving status, or a user logging out status. Further, in other embodiments, the application program determines whether the preset
external storage device 170 is connected to the computer device or not by inspecting a status of a preset flag. - Further, the process of determining whether the preset
external storage device 170 is connected to the computer device or not can be learnt by referring to the foregoing embodiment, and steps S304, S305 are same or similar to steps S204, S205 ofFIG. 2 a, respectively, and thus are not to be iterated hereby. Finally, at step S306, thecomputer system 100 continues to execute the corresponding operation under the unusual operation status. In such a way, the current embodiment provides protection to data stored in thestorage device 140. - Referring to
FIG. 3B , being different from the embodiment ofFIG. 2B , the current embodiment provides a method for protecting data can be realized with an application program.FIG. 3B andFIG. 2B are different in that: the method for protecting data ofFIG. 2B is executed when thecomputer system 100 executes a boot procedure, while the method for protecting data ofFIG. 3B is executed when restarting the operation system of thecomputer system 100. - Further, steps S223, S224, S225 are inspection operations executed by the
computer system 100 with the codes of theBIOS unit 150, while steps S232, S324, S325 are inspection operations executed by thecomputer system 100 when executing other application programs. As such, the method ofFIG. 3B is similar toFIG. 2B , and thus can be learnt by referring to the discussion of theFIG. 2B , and therefore is not to be iterated hereby. - Further referring to
FIG. 3B , at step S323, because the application program installed in thecomputer system 100 checks that the data of the MBR sector of thestorage device 140 has been overwritten by the specific data template, when executing steps S324 and S325, the results obtained are all “NO”, and therefore, the method is directly directed to step S328, in which it is determined that the operation system of thecomputer system 100 is incapable of recovering the usual operation status by the original data of thestorage device 140. - It can be learnt from the foregoing embodiments that the present invention provides a method for protecting data. Further, when applying the foregoing embodiments, a method for managing an access authority for a storage device can be obtained as shown in
FIGS. 4A and 4B . The flow of the method for managing an access authority can be learnt by referring to the embodiments ofFIGS. 2A , 2B, and 3A, 3B, and thus are to be iterated hereby. Further, the method for managing an access authority is further adapted for managing a computer system 500 including a plurality of storage devices, as shown inFIG. 5 . Referring toFIGS. 4 and 5 , the computer system 500 provided in the current embodiment includes a plurality of storage devices 510_1, 510_2, . . . , 510 — n, all of which being connected to achipset 520. - Supposing that the computer system 500 is adapted for the method for protecting data as shown in
FIGS. 2A , 2B, 3A, and 3B, a user A enables the foregoing method for protecting data when using the computer system 500, in which the user A enables the storage device 510_1 to operate the computer system 500. - When the computer system 500 is being powered off, or other operation systems are in unusual operation statuses (i.e., sleeping status, power saving status, or user logging out status), it is preferred to back up data of a predetermined segment of the storage device 510_1 to a preset external storage device NO.1, corresponding to the flow of data protection shown in
FIG. 2A orFIG. 3A . After backing up the data, a specific data template is written into the predetermined segment of the storage device 510_1, for protecting the data stored in the storage device 510_1. - However, when an unauthorized user B comes to use the computer system 500, he may try to use the storage device 500_1 to power on the computer system 500, or recover the computer system 500 to a usual operation status. When the computer system 500 enters the boot procedure or restarting the operation system of the computer system 500, it might be found that the preset storage device is not connected to the computer system 500, so that the computer system 500 is incapable of completing the boot procedure or recovering the operation system to the usual operation status by the original data of the predetermined segment of the storage device 510_1.
- When using the computer system 500, the user B may have previously connected another preset external storage device NO.2 to the computer system 500, and then tries to use the storage device 500_1 to power on the computer system 500, or recover the computer system 500 to a usual operation status. Although, in this case, the computer system will find that the preset external storage device NO.2 is connected to the computer system 500, such the original data of the predetermined segment of the storage device 510_1 is not stored in a preset external storage device NO.2, and therefore, the computer system 500 is still incapable of completing the boot procedure or recovering the operation system to the usual operation status by the original data of the predetermined segment of the storage device 510_1.
- Further, the storage devices 510_2 through 510 — n are not provided with data protection, and therefore the user B can select data stored in one of the storage devices 510_2 through 510 — n for powering on the computer system 500, or recovering the operation system of the computer system 500 to the usual operation status. However, even though the user B can normally operate the computer system 500, because the data stored in the storage device 510_1 is being protected, the user B is still incapable of access the storage device 510_1.
- If the user B selects the storage device 510_2 for accessing data, and if he similarly enables the foregoing method for protecting data after accessing the data, when the computer system 500 executes a power-off procedure, or the operation system of the computer system 500 is in an unusual operation status, the computer system 500 can also back up data of a predetermined segment of the storage device 510_2 to the preset external storage device NO.2. After backing up the data, a specific data template is written into the predetermined segment of the storage device 510_2, for protecting the data stored in the storage device 510_2.
- Then, when the user A operates the computer system 500 again, he is allowed to complete the boot procedure or recover the operation system of the computer system 500 to the usual operation status, by the preset external storage device NO.1, in which the preset external storage device NO.1 contains data of the predetermined segment of the storage device 510_1.
- After completing the boot procedure or recovering the operation system to the usual operation status of the computer system 500, the user A can use the hard drive 510_1 for data access, and can also use the storage devices 510_3 through 510 — n. However, because the data stored in the storage devices 510_2 has already been protected, the user A is not authorized to access the storage device 510_2. As such, before being recovered back to the original data, those protected storage device cannot be accessed by unauthorized users, for providing better data protection.
- In summary, the present invention employs a preset external storage device for backing up data of a predetermined segment of a storage device, and further employs a specific data template for covering original data of the foregoing predetermined segment, so as to provide protection to the data stored in the storage device. Before recovering data of the predetermined segment back to the original data, the data stored in the predetermined segment is still the specific data template, so that the computer system is incapable of normally accessing the data stored in the predetermined segment of the storage device. As such, the present invention is adapted for effectively protecting data stored in the storage device.
- It will be apparent to those skilled in the art that various modifications and variations can be made to the structure of the present invention without departing from the scope or spirit of the invention. In view of the foregoing, it is intended that the present invention cover modifications and variations of this invention provided they fall within the scope of the following claims and their equivalents.
Claims (16)
Applications Claiming Priority (3)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
TW96139326 | 2007-10-19 | ||
TW096139326A TWI362600B (en) | 2007-10-19 | 2007-10-19 | Method for protecting data and managing access authority thereof |
TW96139326A | 2007-10-19 |
Publications (2)
Publication Number | Publication Date |
---|---|
US20090106514A1 true US20090106514A1 (en) | 2009-04-23 |
US8225056B2 US8225056B2 (en) | 2012-07-17 |
Family
ID=40564656
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US12/198,120 Active 2031-05-02 US8225056B2 (en) | 2007-10-19 | 2008-08-26 | Method for protecting data and method for managing access authority |
Country Status (2)
Country | Link |
---|---|
US (1) | US8225056B2 (en) |
TW (1) | TWI362600B (en) |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US4951249A (en) * | 1986-10-24 | 1990-08-21 | Harcom Security Systems Corp. | Method and apparatus for controlled access to a computer system |
US5809230A (en) * | 1996-01-16 | 1998-09-15 | Mclellan Software International, Llc | System and method for controlling access to personal computer system resources |
US6507905B1 (en) * | 1999-09-30 | 2003-01-14 | International Business Machines Corporation | System for modifying a master partition table of a master boot record to create a personalized local data drive having dedicated allocation for a specified user |
US7111203B2 (en) * | 2002-03-20 | 2006-09-19 | Legend (Beijing) Limited | Method for implementing data backup and recovery in computer hard disk |
US20070220227A1 (en) * | 2006-03-17 | 2007-09-20 | Emc Corporation | Techniques for managing data within a data storage system utilizing a flash-based memory vault |
Family Cites Families (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
TW454145B (en) | 2000-02-08 | 2001-09-11 | Pro Team Comp Corp | A method for controlling and replacing priorities of system BIOS on the motherboard and solving its abnormality |
CN1277219C (en) | 2003-01-15 | 2006-09-27 | 泽浦科技股份有限公司 | Method for protecting data of storage unit and system |
TWI291087B (en) | 2005-05-10 | 2007-12-11 | Quanta Comp Inc | Portable computer and data backup method thereof |
-
2007
- 2007-10-19 TW TW096139326A patent/TWI362600B/en active
-
2008
- 2008-08-26 US US12/198,120 patent/US8225056B2/en active Active
Patent Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US4951249A (en) * | 1986-10-24 | 1990-08-21 | Harcom Security Systems Corp. | Method and apparatus for controlled access to a computer system |
US5809230A (en) * | 1996-01-16 | 1998-09-15 | Mclellan Software International, Llc | System and method for controlling access to personal computer system resources |
US6507905B1 (en) * | 1999-09-30 | 2003-01-14 | International Business Machines Corporation | System for modifying a master partition table of a master boot record to create a personalized local data drive having dedicated allocation for a specified user |
US7111203B2 (en) * | 2002-03-20 | 2006-09-19 | Legend (Beijing) Limited | Method for implementing data backup and recovery in computer hard disk |
US20070220227A1 (en) * | 2006-03-17 | 2007-09-20 | Emc Corporation | Techniques for managing data within a data storage system utilizing a flash-based memory vault |
Also Published As
Publication number | Publication date |
---|---|
TWI362600B (en) | 2012-04-21 |
TW200919250A (en) | 2009-05-01 |
US8225056B2 (en) | 2012-07-17 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
JP5711160B2 (en) | Method and computer for protecting passwords | |
US8086839B2 (en) | Authentication for resume boot path | |
US7929706B2 (en) | Encryption key restoring method, information processing apparatus, and encryption key restoring program | |
US7644860B2 (en) | Information processing apparatus having illegal access prevention function and illegal access prevention method | |
CN1323354C (en) | Detecting modifications made to code placed in memory by the POST BIOS | |
JP2004151785A (en) | Detachable device and method for starting program | |
US20060218387A1 (en) | System and method for backup and recovery of data stored in a hard disk of a computer | |
US20030145191A1 (en) | Computer system and method of controlling the same | |
US7783918B2 (en) | Data protection method of storage device | |
US8370612B2 (en) | Computer system with built-in hidden two operating devices | |
US9514040B2 (en) | Memory storage device and memory controller and access method thereof | |
CN101315656A (en) | Information processing apparatus | |
US20060282902A1 (en) | Security device and method for information processing apparatus | |
JP2008262454A (en) | Software update method of thin client terminal, thin client terminal, and thin client system | |
JP3766429B2 (en) | Detachable device | |
US8225056B2 (en) | Method for protecting data and method for managing access authority | |
KR20180066601A (en) | Method of driving memory system | |
CN101369304B (en) | Computer system starting and hard disk data protection method, and its data protection module | |
US20070234104A1 (en) | Computer platform setup configuration data backup handling method and system | |
CN101414284A (en) | Data protection method and access authority management method | |
CN103677875A (en) | Method for starting electronic equipment, method for controlling permission and electronic equipment | |
US20090049543A1 (en) | Method for booting and protecting data in hard disk of computer system and module for protecting data thereof | |
US20150317181A1 (en) | Operating system switching method | |
JP2001306266A (en) | Method for protecting data in hard disk and computer system | |
JP2007065852A (en) | Information processor |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
AS | Assignment |
Owner name: ASUSTEK COMPUTER INC., TAIWAN Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:WANG, CHIN-YU;REEL/FRAME:021477/0503 Effective date: 20080820 |
|
STCF | Information on status: patent grant |
Free format text: PATENTED CASE |
|
FPAY | Fee payment |
Year of fee payment: 4 |
|
MAFP | Maintenance fee payment |
Free format text: PAYMENT OF MAINTENANCE FEE, 8TH YEAR, LARGE ENTITY (ORIGINAL EVENT CODE: M1552); ENTITY STATUS OF PATENT OWNER: LARGE ENTITY Year of fee payment: 8 |
|
MAFP | Maintenance fee payment |
Free format text: PAYMENT OF MAINTENANCE FEE, 12TH YEAR, LARGE ENTITY (ORIGINAL EVENT CODE: M1553); ENTITY STATUS OF PATENT OWNER: LARGE ENTITY Year of fee payment: 12 |